Technical Field
The present invention relates to an e-mail relay device, an e-mail relay method, and a program.
Related Art
A targeted e-mail is a spam e-mail targeting a specific target and feigning to be a valid e-mail for that target. Since the targeted e-mails, unlike other spam e-mails, are devised by humans, it is difficult to automatically perform a spam check.
Targeted e-mails are often attached with files. If a person is deceived by the described contents of the e-mail and ends up opening the attached file, there occurs the situation of being infected with a virus.
Hitherto, there have been the following measures against spam e-mails.
(1) A method of managing the IP address or domain of a server which has weak security and is used as a springboard or a server sending out a lot of spam e-mails, by blacklisting the address or domain, and taking measures against e-mails from such a server.
(2) A method of registering e-mail data (text, attached file, and addressed URL) reported as spam e-mail in a spam database in advance, and collating the database for an e-mail to verify whether or not there is a match for the e-mail.
Japanese Unexamined Patent Application Publication No. 2010-113447 discloses a technique in which, when an e-mail is received, determination is made on whether the e-mail is spam e-mail based on the feature of a transmission source e-mail server.
The method of (1) has the following problem. In a case where an exchange using simple mail transfer protocol (SMTP) is performed, the Internet protocol (IP) address of an e-mail transmission source could not be specified, and only the IP address of an e-mail server which is used by the e-mail transmission source or an e-mail server through which e-mail has passed is able to be specified.
Consequently, as in the technique disclosed in Japanese Unexamined Patent Application Publication No. 2010-113447, using a unit that determines whether an e-mail is spam e-mail based on the feature of the e-mail server used by the e-mail transmission source may be considered. However, in a case where the e-mail transmission source uses an e-mail server of an Internet service provider (ISP), an open proxy server, a free e-mail server, or the like as the e-mail server, identity information may be concealed, and thus it is difficult to check the reliability of the e-mail. In a case where such an e-mail server is used, it is difficult to apply a method of verifying the e-mail transmission source through transmission domain verification.
Generally, in SMTP, since e-mail servers to be used can be substantially freely selected, there is a problem in that information of an e-mail transmission source is insufficient, and that the verification thereof is not able to be performed.
The method of (2) has the following problem. It is often the case that targeted e-mails are customized for a specific target, and are data unique to e-mail text or an attached file. For this reason, since these e-mails take patterns which are not registered in a spam database in advance, it is difficult to detect the e-mails by this method.
An object of the present invention is to provide a new technique for determining the reliability of an e-mail.